Penetration Testing mailing list archives
[PEN-TEST] War Dialers, Brute Force, etc.
From: Vanja Hrustic <vanja () RELAYGROUP COM>
Date: Sun, 3 Sep 2000 10:42:02 +0700
On Fri, 1 Sep 2000, Todd Beebe wrote:
> Toneloc is good for finding modems. But, the value of the commercial products (both TeleSweep Secure and PhoneSweep) is the username/password guessing (read vulnerability testing).
Now that you mention this... I wonder if there are any commercial tools that enable you to do 'extensive' (I don't know if this is the good word :) brute force against remote systems? I'm not talking about "dial a modem and guess user/pass" only. I'm talking about brute-force against various services (POP3, telnet, etc.), finding valid users (finger, SMTP using expn or 'rcpt to:', using '~username' on web servers, etc.), 'bouncing'...

For example: during the test, you manage to get into a switch that was 'forgotten', and you can use it to connect to systems behind the firewall (I'm not inventing this, so no flames, please :). Now, in order to do brute force, you *must* connect through that switch - you can't connect directly. Are there any commercial tools that provide 'features' like this, where one needs to establish 1 or more sessions to remote host(s) before actually running brute force?

Or, you dial into some terminal server (or whatever), and from there you can connect to the remote system in order to perform brute-force. Or, there is a badly configured proxy server that will let you connect to 'internal' systems using CONNECT (or GET), and from there you can start brute force.

Simply, are there any tools that can take advantage of all the 'misconfigurations' on the remote network, or do all the tools assume that you will just brute-force the 1st system you connect to?

Also, how do all those 'commercial' (well, let's say "proprietary" - it doesn't have to be commercial, but the important thing is that you can't modify it easily) tools determine what kind of dictionary they should use? Does the person who runs the tool need to choose before the brute force starts, or ... ? Or does the tool choose it based on banners, maybe?
I ask that for a silly reason - I used to modify /bin/login (for fun only, long ago, but I know that some people are still doing things like this :) so that when you connect to the UNIX box and try to login, you'll see something like (and hear a 'beep' as well ;):

    Welcome to VAX/VMS 5.5 on node WHATEVER
    Username: TEST
    Password:
    User authorization failure
    Username: etc...

What would an 'automated' tool do in this case? (try to send CTRL+Z first? ;)

My (well, I should say "our" :) 'choice' for all brute-forcing tools is - Perl (plus IO::Socket and a few other modules, when/if needed). But again, for me it's more important "what dictionary I'm using" than "what tool I'm using" :) I wonder what other people are using :)

Thanks.

Vanja Hrustic
The Relay Group
http://relaygroup.com
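The services the post lists (POP3 and telnet logins, SMTP expn / 'rcpt to:' probing, '~username' lookups on a web server) are exactly what a defender would correlate to spot a single source guessing its way across several systems. The Python below is an added example, not code from the post or its author; the log line formats and field names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the original post); the formats are
# assumptions modelled loosely on syslog output from the services the post lists.
SAMPLE_LOG = """\
Sep  3 10:01:02 mail pop3d: LOGIN FAILED user=root host=192.0.2.10
Sep  3 10:01:03 mail pop3d: LOGIN FAILED user=admin host=192.0.2.10
Sep  3 10:01:05 gw telnetd: login failed for user test from 192.0.2.10
Sep  3 10:01:06 mail sendmail: 192.0.2.10: VRFY root [rejected]
Sep  3 10:01:06 mail sendmail: 192.0.2.10: EXPN staff [rejected]
Sep  3 10:01:07 mail sendmail: 192.0.2.10: RCPT TO:<nobody> ... User unknown
Sep  3 10:01:09 www httpd: 192.0.2.10 GET /~bob/ 404
Sep  3 10:01:09 www httpd: 192.0.2.10 GET /~alice/ 404
Sep  3 10:02:00 mail pop3d: LOGIN FAILED user=bob host=198.51.100.7
"""

# One regex per kind of evidence; each captures the probing source as 'ip'.
PATTERNS = [
    ("pop3", re.compile(r"pop3d: LOGIN FAILED .*host=(?P<ip>[\d.]+)")),
    ("telnet", re.compile(r"telnetd: login failed .* from (?P<ip>[\d.]+)")),
    ("smtp-enum", re.compile(r"sendmail: (?P<ip>[\d.]+): (?:VRFY|EXPN|RCPT TO)")),
    ("http-user-enum", re.compile(r"httpd: (?P<ip>[\d.]+) GET /~\S+ 404")),
]

def parse_events(log_text):
    """Return (source ip, service) pairs for every line matching a pattern."""
    events = []
    for line in log_text.splitlines():
        for service, pattern in PATTERNS:
            m = pattern.search(line)
            if m:
                events.append((m.group("ip"), service))
                break
    return events

def find_probers(events, min_services=2, min_events=4):
    """Flag sources that fail logins or enumerate users across several services,
    or hammer one service repeatedly; a single mistyped password is ignored."""
    by_ip = defaultdict(list)
    for ip, service in events:
        by_ip[ip].append(service)
    flagged = {}
    for ip, services in by_ip.items():
        if len(set(services)) >= min_services or len(services) >= min_events:
            flagged[ip] = sorted(set(services))
    return flagged
```

Run `find_probers(parse_events(SAMPLE_LOG))` to see the single cross-service source flagged while the one-off POP3 failure from the other host is left alone.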